Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Trojaner TR/Gendal gefunden und mit OTL gesvannt

Trojaner TR/Gendal gefunden und mit OTL gesvannt


Plagegeister aller Art und deren Bekämpfung: Trojaner TR/Gendal gefunden und mit OTL gesvannt

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.10.2010, 19:54   #1
reaper666
 
Trojaner TR/Gendal gefunden und mit OTL gesvannt - Standard

Trojaner TR/Gendal gefunden und mit OTL gesvannt


Hallo !!!!

Habe diesen Trojaner mit AntiVir gefunden und nach den Postvorschlägen hier im Forum mit OTL gescannt.
Hier nun das Ergebnis,bitte um Hilfestellung wie ich den ohne Formatierung loswerde!!!

Danke =)OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 02.10.2010 20:04:04 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,88 Gb Total Space | 21,88 Gb Free Space | 19,56% Space Free | Partition Type: NTFS
Drive D: | 111,00 Gb Total Space | 75,96 Gb Free Space | 68,44% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SAMSUNG
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\u8ser\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\u8ser\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - d:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (SAMSUNG Electronics)
PRC - C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe (SAMSUNG Electronics co., LTD.)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\u8ser\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (TomTomHOMEService) -- d:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (HauppaugeTVServer) -- C:\Program Files\WinTV\HCWTVServer.exe (Hauppauge Computer Works)
SRV - (EPGService) -- C:\Program Files\WinTV\EPG Services\System\EPGService.exe (Hauppauge Computer Works)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VcommMgr) -- C:\Windows\System32\Drivers\VcommMgr.sys File not found
DRV - (VComm) -- C:\Windows\System32\DRIVERS\VComm.sys File not found
DRV - (upperdev) -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (pccsmcfd) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IvtBtBUs) -- C:\Windows\System32\Drivers\IvtBtBus.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (btwrchid) -- C:\Windows\System32\DRIVERS\btwrchid.sys File not found
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys File not found
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys File not found
DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys File not found
DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys File not found
DRV - (BtHidBus) -- C:\Windows\System32\Drivers\BtHidBus.sys File not found
DRV - (Btcsrusb) -- C:\Windows\System32\Drivers\btcusb.sys File not found
DRV - (BT) -- C:\Windows\System32\DRIVERS\btnetdrv.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (ADDMEM) -- C:\Windows\TEMP\__Samsung_Update\ADDMEM.SYS File not found
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (btnetBUs) -- C:\Windows\System32\drivers\btnetBus.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (VMC302) -- C:\Windows\System32\drivers\vmc302.sys (Vimicro Corporation)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)
DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
DRV - (acedrv11) -- C:\Windows\System32\drivers\ACEDRV11.sys (Protect Software GmbH)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (KMDFMEMIO) -- C:\Windows\System32\drivers\KMDFMEMIO.sys (SAMSUNG ELECTRONICS CO., LTD.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (NETw2v32) Intel(R) -- C:\Windows\System32\drivers\NETw2v32.sys (Intel® Corporation)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (HabuFltr) -- C:\Windows\System32\drivers\habu.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.t-online.de/cpm-redir/ie-8.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/cpm-redir/ie-8.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://de-de.facebook.com/"
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.11 13:13:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.23 14:41:31 | 000,000,000 | ---D | M]
 
[2010.05.06 14:24:21 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\mozilla\Extensions
[2009.11.06 21:38:55 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.03.25 02:06:34 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.09.26 18:25:08 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\mozilla\Firefox\Profiles\5sjhec6g.default\extensions
[2010.05.06 14:28:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\u8ser\AppData\Roaming\mozilla\Firefox\Profiles\5sjhec6g.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.06 14:28:57 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\u8ser\AppData\Roaming\mozilla\Firefox\Profiles\5sjhec6g.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.09.13 14:57:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.20 01:25:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.13 14:57:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.08.20 17:36:00 | 000,097,376 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\FFPDFConverter.dll
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.06.20 10:56:32 | 000,409,006 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.123topsearch.com
O1 - Hosts: 127.0.0.1    123topsearch.com
O1 - Hosts: 127.0.0.1    www.132.com
O1 - Hosts: 127.0.0.1    132.com
O1 - Hosts: 127.0.0.1    www.136136.net
O1 - Hosts: 127.0.0.1    136136.net
O1 - Hosts: 127.0.0.1    www.163ns.com
O1 - Hosts: 14145 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra 'Tools' menuitem : PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - C:\Programs\PartyGaming\PartyGammon\RunBackGammon.exe File not found
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programs\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dbbv-online.de ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: facebook.com ([www] https in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: mydvag.com ([www] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ced4018-528b-11dd-8482-a102c65a2f41}\Shell - "" = AutoRun
O33 - MountPoints2\{1ced4018-528b-11dd-8482-a102c65a2f41}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{69084e16-caf4-11de-a994-0013776d50d7}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{752f9f2d-97f2-11de-a232-0013776d50d7}\Shell\Open(&0)\command - "" = G:\Recycled\ctfmon.exe -- File not found
O33 - MountPoints2\{764d41a3-8b45-11de-b670-001f3c6d307f}\Shell - "" = AutoRun
O33 - MountPoints2\{764d41a3-8b45-11de-b670-001f3c6d307f}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{8b46a558-4f1e-11df-adb6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8b46a558-4f1e-11df-adb6-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AUTOSTARTER.EXE -- File not found
O33 - MountPoints2\{929ebf2f-529f-11de-bd57-0013776d50d7}\Shell\Open(&0)\command - "" = G:\Recycled\ctfmon.exe -- File not found
O33 - MountPoints2\{932906e8-4d17-11dd-a6c0-e0038038c446}\Shell - "" = AutoRun
O33 - MountPoints2\{932906e8-4d17-11dd-a6c0-e0038038c446}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{96d6b8b6-2253-11df-92aa-c7ae976f5723}\Shell - "" = AutoRun
O33 - MountPoints2\{96d6b8b6-2253-11df-92aa-c7ae976f5723}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{96d6b8c7-2253-11df-92aa-806c5c6b9993}\Shell - "" = AutoRun
O33 - MountPoints2\{96d6b8c7-2253-11df-92aa-806c5c6b9993}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{99b15076-3bf0-11df-a491-0013776d50d7}\Shell - "" = AutoRun
O33 - MountPoints2\{99b15076-3bf0-11df-a491-0013776d50d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{99b15078-3bf0-11df-a491-0013776d50d7}\Shell - "" = AutoRun
O33 - MountPoints2\{99b15078-3bf0-11df-a491-0013776d50d7}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{9f456271-3b2c-11df-89bf-0013776d50d7}\Shell - "" = AutoRun
O33 - MountPoints2\{9f456271-3b2c-11df-89bf-0013776d50d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{9f456289-3b2c-11df-89bf-0013776d50d7}\Shell - "" = AutoRun
O33 - MountPoints2\{9f456289-3b2c-11df-89bf-0013776d50d7}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{9f4562ca-3b2c-11df-89bf-0013776d50d7}\Shell - "" = AutoRun
O33 - MountPoints2\{9f4562ca-3b2c-11df-89bf-0013776d50d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{9f4562cc-3b2c-11df-89bf-0013776d50d7}\Shell - "" = AutoRun
O33 - MountPoints2\{9f4562cc-3b2c-11df-89bf-0013776d50d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{c36986a6-3c87-11df-b608-0013776d50d7}\Shell - "" = AutoRun
O33 - MountPoints2\{c36986a6-3c87-11df-b608-0013776d50d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{c36986a7-3c87-11df-b608-0013776d50d7}\Shell - "" = AutoRun
O33 - MountPoints2\{c36986a7-3c87-11df-b608-0013776d50d7}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.02 20:02:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\u8ser\Desktop\OTL.exe
[2010.09.30 12:17:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.15 19:35:09 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010.09.13 14:57:04 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.09.13 14:57:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.09.13 14:57:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2006.11.25 00:14:44 | 000,139,264 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK_wiz.dll
[2006.11.25 00:14:44 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\MACSSDK.dll
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.02 20:05:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{85730654-E29C-4874-A36D-39FBE5EC9466}.job
[2010.10.02 20:05:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{58D761D1-4B05-4BE7-A793-C90D512363C7}.job
[2010.10.02 20:04:20 | 007,864,320 | -HS- | M] () -- C:\Users\u8ser\NTUSER.DAT
[2010.10.02 20:03:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\u8ser\Desktop\OTL.exe
[2010.10.02 19:59:36 | 001,592,556 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.10.02 19:59:36 | 000,685,712 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.02 19:59:36 | 000,642,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.02 19:59:36 | 000,149,786 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.02 19:59:36 | 000,121,592 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.02 19:45:29 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.02 19:45:29 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.02 19:43:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.02 19:10:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-707431271-2008918173-2048168635-1003UA.job
[2010.10.02 18:24:21 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
[2010.10.02 17:55:47 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.02 17:45:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.02 17:45:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.02 17:44:40 | 000,524,288 | -HS- | M] () -- C:\Users\u8ser\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.10.02 17:44:40 | 000,065,536 | -HS- | M] () -- C:\Users\u8ser\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.10.02 17:06:33 | 000,001,356 | ---- | M] () -- C:\Users\u8ser\AppData\Local\d3d9caps.dat
[2010.10.02 05:42:46 | 000,196,608 | ---- | M] () -- C:\Users\u8ser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.01 17:52:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.10.01 17:45:46 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.09.30 12:21:31 | 000,298,291 | ---- | M] () -- C:\Users\u8ser\AppData\Roaming\nvModes.001
[2010.09.30 12:10:00 | 000,001,066 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-707431271-2008918173-2048168635-1003Core.job
[2010.09.23 15:10:29 | 000,002,042 | ---- | M] () -- C:\Users\u8ser\Desktop\Google Chrome.lnk
[2010.09.14 15:18:50 | 001,482,723 | ---- | M] () -- C:\Users\u8ser\Desktop\Rundbrief August 2010.pdf
[2010.09.09 18:36:37 | 000,000,680 | RHS- | M] () -- C:\Users\u8ser\ntuser.pol
[8 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.01 17:45:46 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.09.14 15:18:50 | 001,482,723 | ---- | C] () -- C:\Users\u8ser\Desktop\Rundbrief August 2010.pdf
[2010.07.18 13:19:58 | 000,000,000 | ---- | C] () -- C:\Windows\Screensaver 'An apple a day'.ini
[2010.03.21 22:52:59 | 000,000,229 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2010.03.21 22:52:59 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2010.03.21 22:40:42 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.03.21 22:40:42 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.02.14 01:35:17 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.13 01:04:17 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.11.25 14:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.22 19:03:41 | 000,000,206 | ---- | C] () -- C:\Users\u8ser\AppData\Roaming\burnaware.ini
[2009.10.20 22:31:48 | 000,589,824 | ---- | C] () -- C:\Windows\System32\olevluzr.dll
[2009.10.20 22:31:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.11 01:03:04 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009.07.17 12:31:00 | 000,000,083 | ---- | C] () -- C:\Windows\Bibi_Tina6.ini
[2009.06.17 15:02:46 | 000,029,192 | ---- | C] () -- C:\Windows\System32\drivers\btnetBus.sys
[2009.04.25 19:28:21 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.03.20 23:48:09 | 000,001,947 | ---- | C] () -- C:\Windows\vtplus32.ini
[2009.03.20 23:48:06 | 000,000,030 | ---- | C] () -- C:\Windows\System32\UNWISE.INI
[2009.03.20 23:47:37 | 000,032,295 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.03.20 23:47:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2009.03.20 23:47:07 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.03.20 23:47:04 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2009.03.20 23:45:57 | 000,006,268 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.02.21 14:12:12 | 000,000,197 | ---- | C] () -- C:\Windows\disneysy.ini
[2009.02.21 12:23:33 | 000,000,355 | ---- | C] () -- C:\Windows\Disney.ini
[2009.02.01 13:52:31 | 000,000,458 | ---- | C] () -- C:\Windows\wininit.ini
[2009.01.22 21:51:37 | 000,003,082 | ---- | C] () -- C:\Windows\System32\affv9869p3now.sys
[2008.12.26 21:11:30 | 000,000,000 | ---- | C] () -- C:\Windows\TutuSoft_Audio_Ogg.INI
[2008.12.18 22:38:04 | 000,000,090 | ---- | C] () -- C:\Users\u8ser\AppData\Local\mcafejxw.bat
[2008.12.06 14:38:44 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys
[2008.12.02 18:59:48 | 000,000,088 | ---- | C] () -- C:\Windows\mp3wavcon.ini
[2008.12.02 18:58:32 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2008.12.02 06:07:38 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008.12.02 06:06:30 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.12.01 19:04:23 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008.11.30 12:51:12 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2008.10.31 00:14:17 | 000,000,552 | ---- | C] () -- C:\Users\u8ser\AppData\Local\d3d8caps.dat
[2008.10.28 18:40:48 | 000,173,552 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.08.21 22:01:36 | 000,000,020 | ---- | C] () -- C:\Windows\eplan.ini
[2008.08.09 21:43:10 | 000,001,356 | ---- | C] () -- C:\Users\u8ser\AppData\Local\d3d9caps.dat
[2008.07.08 22:14:29 | 000,697,328 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.07.08 20:43:01 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.07.08 20:42:49 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.07.04 20:20:15 | 000,298,291 | ---- | C] () -- C:\Users\u8ser\AppData\Roaming\nvModes.001
[2008.07.04 20:19:26 | 000,298,291 | ---- | C] () -- C:\Users\u8ser\AppData\Roaming\nvModes.dat
[2008.06.26 17:24:04 | 000,196,608 | ---- | C] () -- C:\Users\u8ser\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.29 02:57:47 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2007.12.29 02:57:47 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.02.16 02:51:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\NDADLL.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.30 03:00:28 | 000,307,200 | ---- | C] () -- C:\Windows\System32\LDBGenWizView.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.10.09 20:01:28 | 000,061,440 | ---- | C] () -- C:\Windows\System32\AVSAudioWideStereoDMO.dll
[2005.04.27 13:40:30 | 000,002,572 | ---- | C] () -- C:\Windows\WINDVDBOOTRECDOE.sys
[2002.08.08 06:11:30 | 000,319,488 | R--- | C] () -- C:\Users\u8ser\AppData\Roaming\MafiaSetup.exe
 
========== LOP Check ==========
 
[2008.12.08 00:42:09 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Activision
[2008.08.21 17:54:29 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Autodesk
[2008.08.14 00:59:02 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\CasinoOnNet
[2010.07.18 10:01:55 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\cerasus.media
[2008.07.08 22:14:20 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\DAEMON Tools
[2010.04.08 20:37:40 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\DAEMON Tools Pro
[2009.06.01 12:53:43 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\dBpoweramp
[2010.06.01 17:48:57 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Desktopicon
[2008.11.08 00:43:54 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\FileZilla
[2010.06.20 00:48:31 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\GrabPro
[2009.12.30 23:26:00 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\IrfanView
[2009.11.20 19:48:53 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Jumping Bytes
[2009.02.10 16:12:25 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Kiddinx
[2010.09.23 15:28:09 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\LimeWire
[2009.10.19 21:53:40 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Nokia
[2008.10.20 21:26:50 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\OpenOffice.org
[2009.04.20 19:55:52 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Opera
[2009.09.25 20:57:13 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\PC Suite
[2009.11.17 02:38:32 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\PDF Software
[2009.10.21 22:30:59 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\ProtectDisc
[2010.02.28 13:40:49 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\runic games
[2010.06.18 15:12:11 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\SoftMaker
[2010.05.23 15:16:27 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\TaskCoach
[2009.06.05 21:43:58 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\TeamViewer
[2009.04.12 17:38:19 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\The Games Company
[2009.11.06 21:38:52 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\TomTom
[2008.12.01 19:00:16 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Toolbars
[2009.12.19 01:44:49 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Tropico 3
[2008.12.08 00:55:33 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Ubisoft
[2009.09.02 21:47:24 | 000,000,000 | ---D | M] -- C:\Users\u8ser\AppData\Roaming\Youdagames
[2010.10.01 17:52:31 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.10.02 18:24:21 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job
[2010.10.02 20:05:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{58D761D1-4B05-4BE7-A793-C90D512363C7}.job
[2010.10.02 20:05:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{85730654-E29C-4874-A36D-39FBE5EC9466}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGKMVF9V8N4TKBRVDNGCMXLJ4M28WDP36MLTJ5KJ4VPXHAT
@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:0CE7F3C9
< End of report >
--- --- ---
Alt 03.10.2010, 14:47   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner TR/Gendal gefunden und mit OTL gesvannt - Standard

Trojaner TR/Gendal gefunden und mit OTL gesvannt


Zitat:
Habe diesen Trojaner mit AntiVir gefunden
Immer die genauen Schädlingsnamen und Pfadangaben notieren und posten!

Aus den Regeln:

5. Beschreibe Dein Problem in einigen Sätzen und arbeite diese Anleitung ab Punkt 2. durch
Auch Funde von deiner Sicherheitssoftware bitte im Thema nennen: (z.B. c:\windows\virus.exe)
Fehlen diese Angaben, kann und wird dir hier niemand helfen.
__________________

__________________
Antwort

Themen zu Trojaner TR/Gendal gefunden und mit OTL gesvannt
.dll, acer, agere systems, alternate, antivir, avgntflt.sys, avira, bho, cdrom, components, corp./icp, defender, explorer, explorer.exe, firefox, google, home, home premium, ics, location, logfile, microsoft, mozilla, nvidia, nvlddmkm.sys, nvstor.sys, oldtimer, otl logfile, otl.exe, plug-in, programdata, realtek, registry, saver, sched.exe, searchplugins, server, software, sptd.sys, temp, trojaner, vista, winlogon


« Keine Windows Updates möglich: Fehler 0x80072EFD | 007Guard , wie Loswerden ? »


Ähnliche Themen: Trojaner TR/Gendal gefunden und mit OTL gesvannt


  1. TR/ATRAPS.Gen2 und TR/Gendal.15360 gefunden, wie loswerden?
    Plagegeister aller Art und deren Bekämpfung - 06.08.2013 (3)
  2. Mehrere Trojaner durch Malwarebytes Anti Malware gefunden und ein Virus durch Avira gefunden (TR/Gendal.81920.6)
    Log-Analyse und Auswertung - 10.11.2012 (1)
  3. TR/Gendal.606105
    Plagegeister aller Art und deren Bekämpfung - 01.02.2012 (2)
  4. Trojaner Gendal.2.4609 in autorun.inf / .scr Datei -> Logfiles
    Log-Analyse und Auswertung - 08.12.2011 (22)
  5. TR/Gendal.kdv 370119.1 Virus
    Plagegeister aller Art und deren Bekämpfung - 18.11.2011 (19)
  6. Trojaner TR/Gendal
    Log-Analyse und Auswertung - 29.10.2011 (7)
  7. Avira meldet TR/gendal.a.6183
    Log-Analyse und Auswertung - 28.10.2011 (19)
  8. TR/Gendal.kdv.371931.1 und TR/FakeSysdef.506'
    Plagegeister aller Art und deren Bekämpfung - 11.10.2011 (1)
  9. Trojaner TR/Gendal.4987692 "amcap.exe" setzt Internetverbindung lahm!
    Plagegeister aller Art und deren Bekämpfung - 05.10.2011 (5)
  10. Trojanisches Pferd TR.Gendal.KD.319425.1
    Plagegeister aller Art und deren Bekämpfung - 21.08.2011 (25)
  11. TR/Gendal.13945 - Immer noch da ?
    Plagegeister aller Art und deren Bekämpfung - 20.09.2010 (9)
  12. Trojaner Tr/Gendal. 35888 gefunden-was tun???
    Log-Analyse und Auswertung - 05.08.2010 (19)
  13. Trojaner TR/Gendal.45271
    Plagegeister aller Art und deren Bekämpfung - 26.07.2010 (1)
  14. Tr/gendal.45271
    Plagegeister aller Art und deren Bekämpfung - 23.07.2010 (1)
  15. TR/Gendal.86833 befall
    Plagegeister aller Art und deren Bekämpfung - 02.05.2009 (3)
  16. TR/Agent.83096 und TR/Gendal.228352 gefunden,gelöscht und wieder drauf
    Plagegeister aller Art und deren Bekämpfung - 20.08.2008 (3)
  17. Trojaner TR/Gendal.2001550 Fund!
    Plagegeister aller Art und deren Bekämpfung - 21.07.2008 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Trojaner TR/Gendal gefunden und mit OTL gesvannt - Hallo !!!! Habe diesen Trojaner mit AntiVir gefunden und nach den Postvorschlägen hier im Forum mit OTL gescannt. Hier nun das Ergebnis,bitte um Hilfestellung wie ich den ohne Formatierung loswerde!!! - Trojaner TR/Gendal gefunden und mit OTL gesvannt...
Archiv
Du betrachtest: Trojaner TR/Gendal gefunden und mit OTL gesvannt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55